I tried everything to delete this spyware and it keeps loading up. Also the uninstaller has a virus in it. Can anyone help me!!! ??? :o >:(
Never Mind it I finally deleted it : God I hate Spyware…
I tried everything to delete this spyware and it keeps loading up. Also the uninstaller has a virus in it. Can anyone help me!!! ??? :o >:(
Never Mind it I finally deleted it : God I hate Spyware…
Heidellon,
Have you tried SpywareGuard and SpywarBlaster yet?
They run resident and do a good job of preventing spyware from ever getting to your system.
Adaware and Spybot are great manual scanners.
Here’s a “sleeper” you can try to get. Search the web for a download of Spyblocker 4.73
You won’t be able to find 4.75, but .73 works just as good. The Newest version is Payware and I would not waste my time with the Trial copy. The 4.73 runs resident and blocks: cookies, spyware, scripts, bugs worms, ads, and such. Has an exceptions list…nice feature.
Good luck.
Yea I got Spyware Guard now. It’s great thank you btw. MySearchNow installed itself when I was upgrading my MSN Plus last night. I didn’t remember how it got there but it got really annoying at the time. Plus the uninstaller had a virus off the MySearchNow site…
Heidelloon
MySearchNow installed itself when I was upgrading my MSN Plus last night.I think you meant [b]Messenger Plus[/b]. You had an option [b]not[/b] to install the sponsored add ons. Guess you didn't see that. It has nothing to do with MSN. Delete all files and folders associated with MySearchNow and clear your Tempfolder Also delte your restore point id your using System Restore. Do all of this in safe mode (F8 boot) otherwise some of the files in your temp folder will not get erased.
If that doesn’t get rid of it, try HijackThis.
How did you get rid of it? I have tried everything and cannot seem to kill it.
Thanks,
Kevin
Kevin, if you click ‘Cleaning’ on my signature, will it help?
Could you post the name and the path of the infected file?
Also try running CWshredder: http://cwshredder.net/bin/CWShredder.exe
Also post a hijackthis log (if CWS still gives you problems): http://www.merijn.org/files/hijackthis.zip
–lee
I seemed to have got this thing when my girlfriend installed MessengerPlus.
I have used Bugoff, CBS Shredder, NoAdware, Spybot, Adware SE, Buster, Hijackthis, Microsoft AntiSpyware, CCleaner, SpywareBlaster, SpywareGuard, the “Clean.bat” from another site, etc.
I use AVG Virus but also have Norton. Neither recognize it.
The Giant Microsoft AntiSpyware recognizes it as LOP and says it is deleting it, but is never goes away. None of the other programs even recognize it.
CCleaner cleans things and they are clean for a few seconds.
In a nutshell the virus:
Consistently tries to change my IE browser settings. If I have anything like SpywareGuard installed, it drives me nuts with messages.
It always redirects searches to My Search Now. It also will put up a pop-up window at the bottom of the screen that is associated with My Search Now that stays even when I leave Internet explore. Sometimes I can close this window but sometimes I cannot.
It can be seen in the \documents and settings\user\local settings\temp directory. It has a name that is eight characters (always changing) and an .exe extension. There is normally one or two .tmp files with it. On one occasion when I did get rid of this for a few minutes, it seemed to live in the \documents and settings\user\local settings\temporary internet files directory or \history and was labelled something like “content.ie5”
Then I always get files in the \temporary internet files directory (content.ie5) after a few minutes.
It also lives in the \windows\temp directory as file called Perflib_Perfdata_2f0.dat where the last few characters change over time.
It creates subdirectory c:!submit at times as well and puts files in there.
I have been chasing it for 4 days now and getting rid of changes it makes. But I cannot seem to find the source of the problems. I have cleaned most of the programs off my system (almost nothing left except Norton and Office).
Also it created a directory in \documents and settings\User\Application Data\proc Glue Bone with some files like MOVE OKAY.exe. I deleted this stuff a few times and it has come back although I have not seen this part come back in one day and might have killed part of it???
I have turned off system restore funtions, delete all files in recycled bin, etc.
Have tried everything in Safemode, regular mode, etc. with the same luck.
Panda sofware scan a few days ago recognized it as LOP as well. However, recent scans with Panda don’t recognize it anymore although it is there. Trend Micro scan did not recognize it.
HELP!
Thanks,
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:00:37 PM, on 4/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kevin McDermott\Desktop\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM..\Run: [ccApp] “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I am not sure what you mean by clicking “cleaning on my signature?”
You may have noticed these forums are for the avast! anti-virus software so we won’t be able to help with your AVG or Norton problem of not detecting or cleaning this.
I have done an on-line analysis of your log and it looks clean. For an on-line scan of your Hijackthis log file try here http://hijackthis.de/index.php
In the signature at the bottom of his post is the word cleaning, that is a link to more general cleaning information.
Sorry for not replying back…Well if I remember how to do it. Okay…follow these steps…
if you use windows xp pro you can press control + alt + del or go to task manager and click processes and what you dont know about del because it might be spyware well thats one way but its hard because you might be deling a system file so you have to run find. but its safes you from downloading files. if you dont want to do that do what the others did up there
Hi, kfmcd,
you might also want to check & fix the following item in HJT:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01